You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2023/05/17 22:59:00 UTC
[jira] [Assigned] (GUACAMOLE-1674) RDP NLA security mode incompatible with FIPS
[ https://issues.apache.org/jira/browse/GUACAMOLE-1674?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike Jumper reassigned GUACAMOLE-1674:
--------------------------------------
Assignee: Mike Jumper
> RDP NLA security mode incompatible with FIPS
> ---------------------------------------------
>
> Key: GUACAMOLE-1674
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1674
> Project: Guacamole
> Issue Type: Bug
> Reporter: James Muehlner
> Assignee: Mike Jumper
> Priority: Major
> Fix For: 1.6.0, 1.5.2
>
>
> RDP connections established when guacd is running on a FIPS-enabled server do not work with the NLA security method.
> This appears to be due to FIPS-compatible ciphers not being implemented when using NLA security mode.
> For more information, see the following bug report: [https://github.com/FreeRDP/FreeRDP/issues/5746]
> It seems like this issue might possibly have been fixed in FreeRDP master in [this PR|[https://github.com/FreeRDP/FreeRDP/pull/7934],] but the changes are unreleased (and involve a major version bump to FreeRDP 3), so it's unlikely that we'll be able to use that fix, assuming it works, until Guacamole is fully migrated to a released version of FreeRDP 3.
> For now, we should probably just explicitly disable the NLA mode on the Guacamole side if FIPS is enabled, logging a warning if needed.
> Related: GUACAMOLE-1669
--
This message was sent by Atlassian Jira
(v8.20.10#820010)